'ldapsearch for users by partial memberOf value
I have a list of groups and I need to extract users by knowing partially memberOf value
Example:
# for group AAA
ldapsearch -w V1ZEYK -D "cn=XXXXXX,ou=Service Users,ou=User Accounts,dc=uuu,dc=yyy,dc=xxx,dc=net" -H ldaps://<link>:<port> -b "dc=uuu,dc=yyy,dc=xxx,dc=net" -s sub memberOf="CN=AAA,OU=Groups,DC=uuu,DC=yyy,DC=xxx,DC=net" | grep "cn:"
# returns "cn: 12345"
# for group BBB
... -s sub memberOf="CN=BBB,DC=uuu,DC=yyy,DC=xxx,DC=net" | grep "cn:"
# returns nothing, meaning memberOf DC part is different that I dont know of
- How should I pass partial filter so the search could return user cns?
- Is there a way (and should I) pass wildcard filters for flags
-Dand-b?
Tried:
... -s sub memberOf="CN=BBB*"...
... -s sub memberOf="*CN=BBB*"...
# returns nothing
Solution 1:[1]
The LDAP specification do not allow substring searches of Distinguished Names. (like "CN=BBB,DC=uuu,DC=yyy,DC=xxx,DC=net")
I think you will need to write some code.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | jwilleke |